Risks and rewards of open Chinese AI

Earlier this month, the US government restricted non-American citizens from using Anthropic’s Fable and Mythos AI models.
US-based Anthropic announced the Mythos model in 2026 but was concerned it was too powerful to allow anyone to use it. The company feared it could find and exploit cybersecurity vulnerabilities in all major software systems.
That’s why they launched the ‘Glasswing project’ in April as a way to make software from large, trusted companies cyber-ready before it’s released to the public.
Project Glasswing was initially open to other major American companies and eventually other trusted government allies, including the Australian government.
There was a lot of excitement about this model but reports indicated that it was very talented. Some were skeptical because this wasn’t the first time an AI company had voiced concerns about the dangers of releasing its model to the world.
For example, in 2019, Open-AI did not use the GPT-2 model because it was too dangerous. But here we are, seven years later, with GPT-5.5 in open access, and the world hasn’t collapsed in an insurmountable pile of AI collapse (at least not yet).
As pressure grew on Anthropic to release the Mythos model, it announced a limited edition called Fable. Controversially, Anthropic’s guards analyzed the user’s input and quietly switched the behind-the-scenes model to the less capable Opus 4.8 model.
However, shortly after launch, users complained that the security filters were too active, and people with legitimate requests felt that the filters were being quietly replaced. Anthropic later apologized for this approach, but then US government export restrictions came into effect and locked the model down.
This resulted in the removal of non-US citizen access to the previous Glasswing initiative project.
Anthropic’s hype was extremely effective in scaring the US government.
On the same day the US government locked down Fable (June 13), Chinese AI lab Z.ai released GLM 5.2, its best vulnerability-heavy AI model to date.
Early benchmarks show that this model is almost as good as the Opus 4.8; This means Fable is just as good as the dumber model it will redirect to when it gets a questionable request.
Unlike Opus 4.8, the GLM model is completely open source, with its structure and weight open to everyone. Now anyone with access to a supercomputer or data center can run it. And you can run it and be sure it won’t redirect your request to an even dumber model.
This doesn’t mean that Chinese models don’t have their own quirks. Most of these models will present the Chinese government’s perspective when asked about certain topics, but because they are open, developers can adjust their internal structure to make them more willing to do whatever the user requests.
This also means they could be forced to help with cybersecurity exploits or other bad things. And this is a real risk.
As these models become increasingly better, they can be used to help create even better models, in what is known as a ‘jump take-off’ artificial general intelligence (AGI) scenario.
But in a fast takeoff scenario, I think it’s better to have AGI shared and open rather than closed and locked.
If you don’t care about any AI research and just want to know whether Chinese models are safe to use, the answer is yes. And if you’re really paranoid, then the safest way is to host the model yourself.
If you’re working with sensitive data or software, setting it up to run on your own servers and with limited or no internet access will give you nearly state-of-the-art AI at a fraction of the cost and with 100 percent privacy.
• John Vial has a PhD in robotics and has spent the last few years leading teams focusing on artificial intelligence and robotics at large businesses in Perth.


